fede186f67f4ca8ccfeb08d6fe659cbef01e0e5e92d2351fc7bb82f8db5ea42f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fede186f67f4ca8ccfeb08d6fe659cbef01e0e5e92d2351fc7bb82f8db5ea42f
Size

66KB
MD5

91c1019fd0a11623d3ac14c810d3ed70
SHA1

c092874a903fee6dd493f5d0445adf4303ae0e7a
SHA256

fede186f67f4ca8ccfeb08d6fe659cbef01e0e5e92d2351fc7bb82f8db5ea42f
SHA512

3e963520d3377d3b7d844d254fb50b43313198f93e1e089a99e94a2c2e5e222d435e9cd7a3bfbdb8da4ae415ff67b2d67965430963f93dca4693761b2d24ff98
SSDEEP

768:1s9muOD9l+M8ciEdRrN0HOhVO5OOnWtG2/m/zD43ifeLFeRvuBkGAJf/:1s9muOD9h8cZn6HOz0OTn3ifeIRyY/

Score

N/A

Malware Config

Signatures

Files

fede186f67f4ca8ccfeb08d6fe659cbef01e0e5e92d2351fc7bb82f8db5ea42f
.dll windows x86

6a8c11b7f4de4f877cbac1be993a2950

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
ZwClose
DbgPrint
ZwAllocateVirtualMemory
ZwCreateEvent
ObReferenceObjectByHandle
ZwOpenKey
ZwQueryKey
KeQuerySystemTime
RtlEqualUnicodeString
KeSetEvent
PsGetProcessImageFileName
IoGetCurrentProcess
ZwWriteFile
KeInitializeApc
KeGetCurrentThread
ObfReferenceObject
KeInsertQueueApc
KeDelayExecutionThread
PsRemoveLoadImageNotifyRoutine
IoDeleteDevice
KeBugCheck
ObReferenceObjectByName
IoDriverObjectType
IofCompleteRequest
IoCreateDevice
PsSetLoadImageNotifyRoutine
ExAllocatePool
ZwCreateFile
_stricmp
ObfDereferenceObject

hal

KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ